A growing list of companies – from JP Morgan Chase to Walgreens – say hackers stole the email addresses of customers and employees in what could become one of the biggest online data breaches ever.
“Attackers are no longer just targeting infrastructure. They’re no longer just trying to break in and take down a company’s network for example. They’re also trying to steal the information companies have and use it to make a profit,” says Francis de Souza, Senior Vice President of Enterprise Security at Symantec.
The hackers broke in through an online marketing company called Epsilon, which sends more than 40 billion email ads each year to people who register for a company’s website or who give their email addresses while shopping. Epsilon says it’s investigating the incident.
Companies like Best Buy emailed their customers to say that only names and email addresses were stolen, not financial information such as credit card or Social Security numbers.
But experts say just having customers’ emails – plus knowing where they shop – helps hackers send specific emails to try and trick those customers into revealing their financial information.
De Souza says, “The email you’ll get will look legitimate. It will have your name in correctly and so you’re more likely to open it up and do what that email asks you to do. Very often, the attackers will ask you to send in account information or a password. In some cases, they’ll even ask you for credit card information.”
So far, it appears hackers have attacked 50 companies. But with more, like Verizon, coming forward to report new security breaches, experts say consumers should not click on anything they don’t recognize.
Bottom line: Hackers stole tens of millions of email addresses from U.S. retailers, banks and hotels in what may become one of the biggest data breaches ever.